On Jan 31, 2011, at 3:11 PM, Christopher Morrow wrote: >> I understand this is by design, but I can imagine some operators will be >> reluctant to actually drop routes when they start testing RPKI deployments >> in their networks. > > yes, but what is the way forward?
RPKI in my IPv6? :) Someone is going to be the first person to jump into this sea. It continues to be something that I am interested in. If you look at the risk to your $dayjob, at minimum you should be looking at RPKI for your infrastructure IP space, similar to how you might obtain a certificate for your corporate website. I applaud vendors of hardware and IP services that have managed to do BCP-38 type packet filtering. It cleans up the mess others have to see. This is the same thing IMHO. We need to keep the routing infrastructure secure. This doesn't mean you have to secure your network. But I can decide that if you buy into the same security model as described via SIDR/RPKI you may obtain better preference in my network. - Jared
